2 * Copyright 2015-2019 The OpenSSL Project Authors. All Rights Reserved.
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
13 #include <openssl/bio.h>
14 #include <openssl/crypto.h>
15 #include <openssl/err.h>
16 #include <openssl/evp.h>
17 #include <openssl/rsa.h>
18 #include <openssl/x509.h>
19 #include <openssl/pem.h>
20 #include <openssl/kdf.h>
22 #include "internal/nelem.h"
23 #include "internal/evp_int.h"
26 * kExampleRSAKeyDER is an RSA private key in ASN.1, DER format. Of course, you
27 * should never use this key anywhere but in an example.
29 static const unsigned char kExampleRSAKeyDER
[] = {
30 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81, 0x00, 0xf8,
31 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5, 0xb4, 0x59,
32 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e, 0xd3, 0x37,
33 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34, 0x75, 0x71,
34 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde, 0x97, 0x8a,
35 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8, 0x50, 0xe4,
36 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b, 0xdc, 0xec,
37 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83, 0x58, 0x76,
38 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48, 0x1a, 0xd8,
39 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a, 0x5c, 0xd7,
40 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2, 0xa7, 0x2c,
41 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01, 0x00, 0x01,
42 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a, 0x6d, 0xc7,
43 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5, 0x32, 0x85,
44 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6, 0x5f, 0xee,
45 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8, 0x66, 0x85,
46 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6, 0xa4, 0x0a,
47 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f, 0xc2, 0x15,
48 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c, 0x5b, 0x83,
49 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78, 0x80, 0x1b,
50 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71, 0x99, 0x73,
51 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60, 0x1f, 0x99,
52 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d, 0xb1, 0x02,
53 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3, 0x40, 0x41,
54 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d, 0x3d, 0x59,
55 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18, 0xc6, 0xd9,
56 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d, 0x9f, 0xef,
57 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32, 0x46, 0x87,
58 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc, 0x2c, 0xdf,
59 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63, 0x55, 0xf5,
60 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05, 0xcd, 0xb5,
61 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16, 0xb3, 0x62,
62 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3, 0x9b, 0x64,
63 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85, 0xfa, 0xb8,
64 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97, 0xe8, 0xba,
65 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7, 0xe7, 0xfe,
66 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99, 0x75, 0xe7,
67 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4, 0x9d, 0xfe,
68 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d, 0xf1, 0xdb,
69 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40, 0x5a, 0x34,
70 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26, 0x84, 0x27,
71 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1, 0xe9, 0xc0,
72 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c, 0xb9, 0xba,
73 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30, 0x10, 0x06,
74 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea, 0x52, 0x2c,
75 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b, 0xc4, 0x1e,
76 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e, 0x49, 0xaf,
77 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9, 0xd1, 0x8a,
78 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae, 0x17, 0x17,
79 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d, 0x08, 0xf1,
80 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
84 * kExampleBadRSAKeyDER is an RSA private key in ASN.1, DER format. The private
85 * components are not correct.
87 static const unsigned char kExampleBadRSAKeyDER
[] = {
88 0x30, 0x82, 0x04, 0x27, 0x02, 0x01, 0x00, 0x02, 0x82, 0x01, 0x01, 0x00,
89 0xa6, 0x1a, 0x1e, 0x6e, 0x7b, 0xee, 0xc6, 0x89, 0x66, 0xe7, 0x93, 0xef,
90 0x54, 0x12, 0x68, 0xea, 0xbf, 0x86, 0x2f, 0xdd, 0xd2, 0x79, 0xb8, 0xa9,
91 0x6e, 0x03, 0xc2, 0xa3, 0xb9, 0xa3, 0xe1, 0x4b, 0x2a, 0xb3, 0xf8, 0xb4,
92 0xcd, 0xea, 0xbe, 0x24, 0xa6, 0x57, 0x5b, 0x83, 0x1f, 0x0f, 0xf2, 0xd3,
93 0xb7, 0xac, 0x7e, 0xd6, 0x8e, 0x6e, 0x1e, 0xbf, 0xb8, 0x73, 0x8c, 0x05,
94 0x56, 0xe6, 0x35, 0x1f, 0xe9, 0x04, 0x0b, 0x09, 0x86, 0x7d, 0xf1, 0x26,
95 0x08, 0x99, 0xad, 0x7b, 0xc8, 0x4d, 0x94, 0xb0, 0x0b, 0x8b, 0x38, 0xa0,
96 0x5c, 0x62, 0xa0, 0xab, 0xd3, 0x8f, 0xd4, 0x09, 0x60, 0x72, 0x1e, 0x33,
97 0x50, 0x80, 0x6e, 0x22, 0xa6, 0x77, 0x57, 0x6b, 0x9a, 0x33, 0x21, 0x66,
98 0x87, 0x6e, 0x21, 0x7b, 0xc7, 0x24, 0x0e, 0xd8, 0x13, 0xdf, 0x83, 0xde,
99 0xcd, 0x40, 0x58, 0x1d, 0x84, 0x86, 0xeb, 0xb8, 0x12, 0x4e, 0xd2, 0xfa,
100 0x80, 0x1f, 0xe4, 0xe7, 0x96, 0x29, 0xb8, 0xcc, 0xce, 0x66, 0x6d, 0x53,
101 0xca, 0xb9, 0x5a, 0xd7, 0xf6, 0x84, 0x6c, 0x2d, 0x9a, 0x1a, 0x14, 0x1c,
102 0x4e, 0x93, 0x39, 0xba, 0x74, 0xed, 0xed, 0x87, 0x87, 0x5e, 0x48, 0x75,
103 0x36, 0xf0, 0xbc, 0x34, 0xfb, 0x29, 0xf9, 0x9f, 0x96, 0x5b, 0x0b, 0xa7,
104 0x54, 0x30, 0x51, 0x29, 0x18, 0x5b, 0x7d, 0xac, 0x0f, 0xd6, 0x5f, 0x7c,
105 0xf8, 0x98, 0x8c, 0xd8, 0x86, 0x62, 0xb3, 0xdc, 0xff, 0x0f, 0xff, 0x7a,
106 0xaf, 0x5c, 0x4c, 0x61, 0x49, 0x2e, 0xc8, 0x95, 0x86, 0xc4, 0x0e, 0x87,
107 0xfc, 0x1d, 0xcf, 0x8b, 0x7c, 0x61, 0xf6, 0xd8, 0xd0, 0x69, 0xf6, 0xcd,
108 0x8a, 0x8c, 0xf6, 0x62, 0xa2, 0x56, 0xa9, 0xe3, 0xd1, 0xcf, 0x4d, 0xa0,
109 0xf6, 0x2d, 0x20, 0x0a, 0x04, 0xb7, 0xa2, 0xf7, 0xb5, 0x99, 0x47, 0x18,
110 0x56, 0x85, 0x87, 0xc7, 0x02, 0x03, 0x01, 0x00, 0x01, 0x02, 0x82, 0x01,
111 0x01, 0x00, 0x99, 0x41, 0x38, 0x1a, 0xd0, 0x96, 0x7a, 0xf0, 0x83, 0xd5,
112 0xdf, 0x94, 0xce, 0x89, 0x3d, 0xec, 0x7a, 0x52, 0x21, 0x10, 0x16, 0x06,
113 0xe0, 0xee, 0xd2, 0xe6, 0xfd, 0x4b, 0x7b, 0x19, 0x4d, 0xe1, 0xc0, 0xc0,
114 0xd5, 0x14, 0x5d, 0x79, 0xdd, 0x7e, 0x8b, 0x4b, 0xc6, 0xcf, 0xb0, 0x75,
115 0x52, 0xa3, 0x2d, 0xb1, 0x26, 0x46, 0x68, 0x9c, 0x0a, 0x1a, 0xf2, 0xe1,
116 0x09, 0xac, 0x53, 0x85, 0x8c, 0x36, 0xa9, 0x14, 0x65, 0xea, 0xa0, 0x00,
117 0xcb, 0xe3, 0x3f, 0xc4, 0x2b, 0x61, 0x2e, 0x6b, 0x06, 0x69, 0x77, 0xfd,
118 0x38, 0x7e, 0x1d, 0x3f, 0x92, 0xe7, 0x77, 0x08, 0x19, 0xa7, 0x9d, 0x29,
119 0x2d, 0xdc, 0x42, 0xc6, 0x7c, 0xd7, 0xd3, 0xa8, 0x01, 0x2c, 0xf2, 0xd5,
120 0x82, 0x57, 0xcb, 0x55, 0x3d, 0xe7, 0xaa, 0xd2, 0x06, 0x30, 0x30, 0x05,
121 0xe6, 0xf2, 0x47, 0x86, 0xba, 0xc6, 0x61, 0x64, 0xeb, 0x4f, 0x2a, 0x5e,
122 0x07, 0x29, 0xe0, 0x96, 0xb2, 0x43, 0xff, 0x5f, 0x1a, 0x54, 0x16, 0xcf,
123 0xb5, 0x56, 0x5c, 0xa0, 0x9b, 0x0c, 0xfd, 0xb3, 0xd2, 0xe3, 0x79, 0x1d,
124 0x21, 0xe2, 0xd6, 0x13, 0xc4, 0x74, 0xa6, 0xf5, 0x8e, 0x8e, 0x81, 0xbb,
125 0xb4, 0xad, 0x8a, 0xf0, 0x93, 0x0a, 0xd8, 0x0a, 0x42, 0x36, 0xbc, 0xe5,
126 0x26, 0x2a, 0x0d, 0x5d, 0x57, 0x13, 0xc5, 0x4e, 0x2f, 0x12, 0x0e, 0xef,
127 0xa7, 0x81, 0x1e, 0xc3, 0xa5, 0xdb, 0xc9, 0x24, 0xeb, 0x1a, 0xa1, 0xf9,
128 0xf6, 0xa1, 0x78, 0x98, 0x93, 0x77, 0x42, 0x45, 0x03, 0xe2, 0xc9, 0xa2,
129 0xfe, 0x2d, 0x77, 0xc8, 0xc6, 0xac, 0x9b, 0x98, 0x89, 0x6d, 0x9a, 0xe7,
130 0x61, 0x63, 0xb7, 0xf2, 0xec, 0xd6, 0xb1, 0xa1, 0x6e, 0x0a, 0x1a, 0xff,
131 0xfd, 0x43, 0x28, 0xc3, 0x0c, 0xdc, 0xf2, 0x47, 0x4f, 0x27, 0xaa, 0x99,
132 0x04, 0x8e, 0xac, 0xe8, 0x7c, 0x01, 0x02, 0x04, 0x12, 0x34, 0x56, 0x78,
133 0x02, 0x81, 0x81, 0x00, 0xca, 0x69, 0xe5, 0xbb, 0x3a, 0x90, 0x82, 0xcb,
134 0x82, 0x50, 0x2f, 0x29, 0xe2, 0x76, 0x6a, 0x57, 0x55, 0x45, 0x4e, 0x35,
135 0x18, 0x61, 0xe0, 0x12, 0x70, 0xc0, 0xab, 0xc7, 0x80, 0xa2, 0xd4, 0x46,
136 0x34, 0x03, 0xa0, 0x19, 0x26, 0x23, 0x9e, 0xef, 0x1a, 0xcb, 0x75, 0xd6,
137 0xba, 0x81, 0xf4, 0x7e, 0x52, 0xe5, 0x2a, 0xe8, 0xf1, 0x49, 0x6c, 0x0f,
138 0x1a, 0xa0, 0xf9, 0xc6, 0xe7, 0xec, 0x60, 0xe4, 0xcb, 0x2a, 0xb5, 0x56,
139 0xe9, 0x9c, 0xcd, 0x19, 0x75, 0x92, 0xb1, 0x66, 0xce, 0xc3, 0xd9, 0x3d,
140 0x11, 0xcb, 0xc4, 0x09, 0xce, 0x1e, 0x30, 0xba, 0x2f, 0x60, 0x60, 0x55,
141 0x8d, 0x02, 0xdc, 0x5d, 0xaf, 0xf7, 0x52, 0x31, 0x17, 0x07, 0x53, 0x20,
142 0x33, 0xad, 0x8c, 0xd5, 0x2f, 0x5a, 0xd0, 0x57, 0xd7, 0xd1, 0x80, 0xd6,
143 0x3a, 0x9b, 0x04, 0x4f, 0x35, 0xbf, 0xe7, 0xd5, 0xbc, 0x8f, 0xd4, 0x81,
144 0x02, 0x81, 0x81, 0x00, 0xc0, 0x9f, 0xf8, 0xcd, 0xf7, 0x3f, 0x26, 0x8a,
145 0x3d, 0x4d, 0x2b, 0x0c, 0x01, 0xd0, 0xa2, 0xb4, 0x18, 0xfe, 0xf7, 0x5e,
146 0x2f, 0x06, 0x13, 0xcd, 0x63, 0xaa, 0x12, 0xa9, 0x24, 0x86, 0xe3, 0xf3,
147 0x7b, 0xda, 0x1a, 0x3c, 0xb1, 0x38, 0x80, 0x80, 0xef, 0x64, 0x64, 0xa1,
148 0x9b, 0xfe, 0x76, 0x63, 0x8e, 0x83, 0xd2, 0xd9, 0xb9, 0x86, 0xb0, 0xe6,
149 0xa6, 0x0c, 0x7e, 0xa8, 0x84, 0x90, 0x98, 0x0c, 0x1e, 0xf3, 0x14, 0x77,
150 0xe0, 0x5f, 0x81, 0x08, 0x11, 0x8f, 0xa6, 0x23, 0xc4, 0xba, 0xc0, 0x8a,
151 0xe4, 0xc6, 0xe3, 0x5c, 0xbe, 0xc5, 0xec, 0x2c, 0xb9, 0xd8, 0x8c, 0x4d,
152 0x1a, 0x9d, 0xe7, 0x7c, 0x85, 0x4c, 0x0d, 0x71, 0x4e, 0x72, 0x33, 0x1b,
153 0xfe, 0xa9, 0x17, 0x72, 0x76, 0x56, 0x9d, 0x74, 0x7e, 0x52, 0x67, 0x9a,
154 0x87, 0x9a, 0xdb, 0x30, 0xde, 0xe4, 0x49, 0x28, 0x3b, 0xd2, 0x67, 0xaf,
155 0x02, 0x81, 0x81, 0x00, 0x89, 0x74, 0x9a, 0x8e, 0xa7, 0xb9, 0xa5, 0x28,
156 0xc0, 0x68, 0xe5, 0x6e, 0x63, 0x1c, 0x99, 0x20, 0x8f, 0x86, 0x8e, 0x12,
157 0x9e, 0x69, 0x30, 0xfa, 0x34, 0xd9, 0x92, 0x8d, 0xdb, 0x7c, 0x37, 0xfd,
158 0x28, 0xab, 0x61, 0x98, 0x52, 0x7f, 0x14, 0x1a, 0x39, 0xae, 0xfb, 0x6a,
159 0x03, 0xa3, 0xe6, 0xbd, 0xb6, 0x5b, 0x6b, 0xe5, 0x5e, 0x9d, 0xc6, 0xa5,
160 0x07, 0x27, 0x54, 0x17, 0xd0, 0x3d, 0x84, 0x9b, 0x3a, 0xa0, 0xd9, 0x1e,
161 0x99, 0x6c, 0x63, 0x17, 0xab, 0xf1, 0x1f, 0x49, 0xba, 0x95, 0xe3, 0x3b,
162 0x86, 0x8f, 0x42, 0xa4, 0x89, 0xf5, 0x94, 0x8f, 0x8b, 0x46, 0xbe, 0x84,
163 0xba, 0x4a, 0xbc, 0x0d, 0x5f, 0x46, 0xeb, 0xe8, 0xec, 0x43, 0x8c, 0x1e,
164 0xad, 0x19, 0x69, 0x2f, 0x08, 0x86, 0x7a, 0x3f, 0x7d, 0x0f, 0x07, 0x97,
165 0xf3, 0x9a, 0x7b, 0xb5, 0xb2, 0xc1, 0x8c, 0x95, 0x68, 0x04, 0xa0, 0x81,
166 0x02, 0x81, 0x80, 0x4e, 0xbf, 0x7e, 0x1b, 0xcb, 0x13, 0x61, 0x75, 0x3b,
167 0xdb, 0x59, 0x5f, 0xb1, 0xd4, 0xb8, 0xeb, 0x9e, 0x73, 0xb5, 0xe7, 0xf6,
168 0x89, 0x3d, 0x1c, 0xda, 0xf0, 0x36, 0xff, 0x35, 0xbd, 0x1e, 0x0b, 0x74,
169 0xe3, 0x9e, 0xf0, 0xf2, 0xf7, 0xd7, 0x82, 0xb7, 0x7b, 0x6a, 0x1b, 0x0e,
170 0x30, 0x4a, 0x98, 0x0e, 0xb4, 0xf9, 0x81, 0x07, 0xe4, 0x75, 0x39, 0xe9,
171 0x53, 0xca, 0xbb, 0x5c, 0xaa, 0x93, 0x07, 0x0e, 0xa8, 0x2f, 0xba, 0x98,
172 0x49, 0x30, 0xa7, 0xcc, 0x1a, 0x3c, 0x68, 0x0c, 0xe1, 0xa4, 0xb1, 0x05,
173 0xe6, 0xe0, 0x25, 0x78, 0x58, 0x14, 0x37, 0xf5, 0x1f, 0xe3, 0x22, 0xef,
174 0xa8, 0x0e, 0x22, 0xa0, 0x94, 0x3a, 0xf6, 0xc9, 0x13, 0xe6, 0x06, 0xbf,
175 0x7f, 0x99, 0xc6, 0xcc, 0xd8, 0xc6, 0xbe, 0xd9, 0x2e, 0x24, 0xc7, 0x69,
176 0x8c, 0x95, 0xba, 0xf6, 0x04, 0xb3, 0x0a, 0xf4, 0xcb, 0xf0, 0xce,
179 static const unsigned char kMsg
[] = { 1, 2, 3, 4 };
181 static const unsigned char kSignature
[] = {
182 0xa5, 0xf0, 0x8a, 0x47, 0x5d, 0x3c, 0xb3, 0xcc, 0xa9, 0x79, 0xaf, 0x4d,
183 0x8c, 0xae, 0x4c, 0x14, 0xef, 0xc2, 0x0b, 0x34, 0x36, 0xde, 0xf4, 0x3e,
184 0x3d, 0xbb, 0x4a, 0x60, 0x5c, 0xc8, 0x91, 0x28, 0xda, 0xfb, 0x7e, 0x04,
185 0x96, 0x7e, 0x63, 0x13, 0x90, 0xce, 0xb9, 0xb4, 0x62, 0x7a, 0xfd, 0x09,
186 0x3d, 0xc7, 0x67, 0x78, 0x54, 0x04, 0xeb, 0x52, 0x62, 0x6e, 0x24, 0x67,
187 0xb4, 0x40, 0xfc, 0x57, 0x62, 0xc6, 0xf1, 0x67, 0xc1, 0x97, 0x8f, 0x6a,
188 0xa8, 0xae, 0x44, 0x46, 0x5e, 0xab, 0x67, 0x17, 0x53, 0x19, 0x3a, 0xda,
189 0x5a, 0xc8, 0x16, 0x3e, 0x86, 0xd5, 0xc5, 0x71, 0x2f, 0xfc, 0x23, 0x48,
190 0xd9, 0x0b, 0x13, 0xdd, 0x7b, 0x5a, 0x25, 0x79, 0xef, 0xa5, 0x7b, 0x04,
191 0xed, 0x44, 0xf6, 0x18, 0x55, 0xe4, 0x0a, 0xe9, 0x57, 0x79, 0x5d, 0xd7,
192 0x55, 0xa7, 0xab, 0x45, 0x02, 0x97, 0x60, 0x42,
196 * kExampleRSAKeyPKCS8 is kExampleRSAKeyDER encoded in a PKCS #8
199 static const unsigned char kExampleRSAKeyPKCS8
[] = {
200 0x30, 0x82, 0x02, 0x76, 0x02, 0x01, 0x00, 0x30, 0x0d, 0x06, 0x09, 0x2a,
201 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x04, 0x82,
202 0x02, 0x60, 0x30, 0x82, 0x02, 0x5c, 0x02, 0x01, 0x00, 0x02, 0x81, 0x81,
203 0x00, 0xf8, 0xb8, 0x6c, 0x83, 0xb4, 0xbc, 0xd9, 0xa8, 0x57, 0xc0, 0xa5,
204 0xb4, 0x59, 0x76, 0x8c, 0x54, 0x1d, 0x79, 0xeb, 0x22, 0x52, 0x04, 0x7e,
205 0xd3, 0x37, 0xeb, 0x41, 0xfd, 0x83, 0xf9, 0xf0, 0xa6, 0x85, 0x15, 0x34,
206 0x75, 0x71, 0x5a, 0x84, 0xa8, 0x3c, 0xd2, 0xef, 0x5a, 0x4e, 0xd3, 0xde,
207 0x97, 0x8a, 0xdd, 0xff, 0xbb, 0xcf, 0x0a, 0xaa, 0x86, 0x92, 0xbe, 0xb8,
208 0x50, 0xe4, 0xcd, 0x6f, 0x80, 0x33, 0x30, 0x76, 0x13, 0x8f, 0xca, 0x7b,
209 0xdc, 0xec, 0x5a, 0xca, 0x63, 0xc7, 0x03, 0x25, 0xef, 0xa8, 0x8a, 0x83,
210 0x58, 0x76, 0x20, 0xfa, 0x16, 0x77, 0xd7, 0x79, 0x92, 0x63, 0x01, 0x48,
211 0x1a, 0xd8, 0x7b, 0x67, 0xf1, 0x52, 0x55, 0x49, 0x4e, 0xd6, 0x6e, 0x4a,
212 0x5c, 0xd7, 0x7a, 0x37, 0x36, 0x0c, 0xde, 0xdd, 0x8f, 0x44, 0xe8, 0xc2,
213 0xa7, 0x2c, 0x2b, 0xb5, 0xaf, 0x64, 0x4b, 0x61, 0x07, 0x02, 0x03, 0x01,
214 0x00, 0x01, 0x02, 0x81, 0x80, 0x74, 0x88, 0x64, 0x3f, 0x69, 0x45, 0x3a,
215 0x6d, 0xc7, 0x7f, 0xb9, 0xa3, 0xc0, 0x6e, 0xec, 0xdc, 0xd4, 0x5a, 0xb5,
216 0x32, 0x85, 0x5f, 0x19, 0xd4, 0xf8, 0xd4, 0x3f, 0x3c, 0xfa, 0xc2, 0xf6,
217 0x5f, 0xee, 0xe6, 0xba, 0x87, 0x74, 0x2e, 0xc7, 0x0c, 0xd4, 0x42, 0xb8,
218 0x66, 0x85, 0x9c, 0x7b, 0x24, 0x61, 0xaa, 0x16, 0x11, 0xf6, 0xb5, 0xb6,
219 0xa4, 0x0a, 0xc9, 0x55, 0x2e, 0x81, 0xa5, 0x47, 0x61, 0xcb, 0x25, 0x8f,
220 0xc2, 0x15, 0x7b, 0x0e, 0x7c, 0x36, 0x9f, 0x3a, 0xda, 0x58, 0x86, 0x1c,
221 0x5b, 0x83, 0x79, 0xe6, 0x2b, 0xcc, 0xe6, 0xfa, 0x2c, 0x61, 0xf2, 0x78,
222 0x80, 0x1b, 0xe2, 0xf3, 0x9d, 0x39, 0x2b, 0x65, 0x57, 0x91, 0x3d, 0x71,
223 0x99, 0x73, 0xa5, 0xc2, 0x79, 0x20, 0x8c, 0x07, 0x4f, 0xe5, 0xb4, 0x60,
224 0x1f, 0x99, 0xa2, 0xb1, 0x4f, 0x0c, 0xef, 0xbc, 0x59, 0x53, 0x00, 0x7d,
225 0xb1, 0x02, 0x41, 0x00, 0xfc, 0x7e, 0x23, 0x65, 0x70, 0xf8, 0xce, 0xd3,
226 0x40, 0x41, 0x80, 0x6a, 0x1d, 0x01, 0xd6, 0x01, 0xff, 0xb6, 0x1b, 0x3d,
227 0x3d, 0x59, 0x09, 0x33, 0x79, 0xc0, 0x4f, 0xde, 0x96, 0x27, 0x4b, 0x18,
228 0xc6, 0xd9, 0x78, 0xf1, 0xf4, 0x35, 0x46, 0xe9, 0x7c, 0x42, 0x7a, 0x5d,
229 0x9f, 0xef, 0x54, 0xb8, 0xf7, 0x9f, 0xc4, 0x33, 0x6c, 0xf3, 0x8c, 0x32,
230 0x46, 0x87, 0x67, 0x30, 0x7b, 0xa7, 0xac, 0xe3, 0x02, 0x41, 0x00, 0xfc,
231 0x2c, 0xdf, 0x0c, 0x0d, 0x88, 0xf5, 0xb1, 0x92, 0xa8, 0x93, 0x47, 0x63,
232 0x55, 0xf5, 0xca, 0x58, 0x43, 0xba, 0x1c, 0xe5, 0x9e, 0xb6, 0x95, 0x05,
233 0xcd, 0xb5, 0x82, 0xdf, 0xeb, 0x04, 0x53, 0x9d, 0xbd, 0xc2, 0x38, 0x16,
234 0xb3, 0x62, 0xdd, 0xa1, 0x46, 0xdb, 0x6d, 0x97, 0x93, 0x9f, 0x8a, 0xc3,
235 0x9b, 0x64, 0x7e, 0x42, 0xe3, 0x32, 0x57, 0x19, 0x1b, 0xd5, 0x6e, 0x85,
236 0xfa, 0xb8, 0x8d, 0x02, 0x41, 0x00, 0xbc, 0x3d, 0xde, 0x6d, 0xd6, 0x97,
237 0xe8, 0xba, 0x9e, 0x81, 0x37, 0x17, 0xe5, 0xa0, 0x64, 0xc9, 0x00, 0xb7,
238 0xe7, 0xfe, 0xf4, 0x29, 0xd9, 0x2e, 0x43, 0x6b, 0x19, 0x20, 0xbd, 0x99,
239 0x75, 0xe7, 0x76, 0xf8, 0xd3, 0xae, 0xaf, 0x7e, 0xb8, 0xeb, 0x81, 0xf4,
240 0x9d, 0xfe, 0x07, 0x2b, 0x0b, 0x63, 0x0b, 0x5a, 0x55, 0x90, 0x71, 0x7d,
241 0xf1, 0xdb, 0xd9, 0xb1, 0x41, 0x41, 0x68, 0x2f, 0x4e, 0x39, 0x02, 0x40,
242 0x5a, 0x34, 0x66, 0xd8, 0xf5, 0xe2, 0x7f, 0x18, 0xb5, 0x00, 0x6e, 0x26,
243 0x84, 0x27, 0x14, 0x93, 0xfb, 0xfc, 0xc6, 0x0f, 0x5e, 0x27, 0xe6, 0xe1,
244 0xe9, 0xc0, 0x8a, 0xe4, 0x34, 0xda, 0xe9, 0xa2, 0x4b, 0x73, 0xbc, 0x8c,
245 0xb9, 0xba, 0x13, 0x6c, 0x7a, 0x2b, 0x51, 0x84, 0xa3, 0x4a, 0xe0, 0x30,
246 0x10, 0x06, 0x7e, 0xed, 0x17, 0x5a, 0x14, 0x00, 0xc9, 0xef, 0x85, 0xea,
247 0x52, 0x2c, 0xbc, 0x65, 0x02, 0x40, 0x51, 0xe3, 0xf2, 0x83, 0x19, 0x9b,
248 0xc4, 0x1e, 0x2f, 0x50, 0x3d, 0xdf, 0x5a, 0xa2, 0x18, 0xca, 0x5f, 0x2e,
249 0x49, 0xaf, 0x6f, 0xcc, 0xfa, 0x65, 0x77, 0x94, 0xb5, 0xa1, 0x0a, 0xa9,
250 0xd1, 0x8a, 0x39, 0x37, 0xf4, 0x0b, 0xa0, 0xd7, 0x82, 0x27, 0x5e, 0xae,
251 0x17, 0x17, 0xa1, 0x1e, 0x54, 0x34, 0xbf, 0x6e, 0xc4, 0x8e, 0x99, 0x5d,
252 0x08, 0xf1, 0x2d, 0x86, 0x9d, 0xa5, 0x20, 0x1b, 0xe5, 0xdf,
255 #ifndef OPENSSL_NO_EC
257 * kExampleECKeyDER is a sample EC private key encoded as an ECPrivateKey
260 static const unsigned char kExampleECKeyDER
[] = {
261 0x30, 0x77, 0x02, 0x01, 0x01, 0x04, 0x20, 0x07, 0x0f, 0x08, 0x72, 0x7a,
262 0xd4, 0xa0, 0x4a, 0x9c, 0xdd, 0x59, 0xc9, 0x4d, 0x89, 0x68, 0x77, 0x08,
263 0xb5, 0x6f, 0xc9, 0x5d, 0x30, 0x77, 0x0e, 0xe8, 0xd1, 0xc9, 0xce, 0x0a,
264 0x8b, 0xb4, 0x6a, 0xa0, 0x0a, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d,
265 0x03, 0x01, 0x07, 0xa1, 0x44, 0x03, 0x42, 0x00, 0x04, 0xe6, 0x2b, 0x69,
266 0xe2, 0xbf, 0x65, 0x9f, 0x97, 0xbe, 0x2f, 0x1e, 0x0d, 0x94, 0x8a, 0x4c,
267 0xd5, 0x97, 0x6b, 0xb7, 0xa9, 0x1e, 0x0d, 0x46, 0xfb, 0xdd, 0xa9, 0xa9,
268 0x1e, 0x9d, 0xdc, 0xba, 0x5a, 0x01, 0xe7, 0xd6, 0x97, 0xa8, 0x0a, 0x18,
269 0xf9, 0xc3, 0xc4, 0xa3, 0x1e, 0x56, 0xe2, 0x7c, 0x83, 0x48, 0xdb, 0x16,
270 0x1a, 0x1c, 0xf5, 0x1d, 0x7e, 0xf1, 0x94, 0x2d, 0x4b, 0xcf, 0x72, 0x22,
275 * kExampleBadECKeyDER is a sample EC private key encoded as an ECPrivateKey
276 * structure. The private key is equal to the order and will fail to import
278 static const unsigned char kExampleBadECKeyDER
[] = {
279 0x30, 0x66, 0x02, 0x01, 0x00, 0x30, 0x13, 0x06, 0x07, 0x2A, 0x86, 0x48,
280 0xCE, 0x3D, 0x02, 0x01, 0x06, 0x08, 0x2A, 0x86, 0x48, 0xCE, 0x3D, 0x03,
281 0x01, 0x07, 0x04, 0x4C, 0x30, 0x4A, 0x02, 0x01, 0x01, 0x04, 0x20, 0xFF,
282 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF,
283 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84, 0xF3,
284 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51, 0xA1, 0x23, 0x03, 0x21, 0x00,
285 0x00, 0xFF, 0xFF, 0xFF, 0x00, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF,
286 0xFF, 0xFF, 0xFF, 0xFF, 0xBC, 0xE6, 0xFA, 0xAD, 0xA7, 0x17, 0x9E, 0x84,
287 0xF3, 0xB9, 0xCA, 0xC2, 0xFC, 0x63, 0x25, 0x51
291 static const unsigned char kExampleECPubKeyDER
[] = {
292 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
293 0x01, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
294 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
295 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
296 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
297 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
298 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
299 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
303 * kExampleBadECKeyDER is a sample EC public key with a wrong OID
304 * 1.2.840.10045.2.2 instead of 1.2.840.10045.2.1 - EC Public Key
306 static const unsigned char kExampleBadECPubKeyDER
[] = {
307 0x30, 0x59, 0x30, 0x13, 0x06, 0x07, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x02,
308 0x02, 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07, 0x03,
309 0x42, 0x00, 0x04, 0xba, 0xeb, 0x83, 0xfb, 0x3b, 0xb2, 0xff, 0x30, 0x53,
310 0xdb, 0xce, 0x32, 0xf2, 0xac, 0xae, 0x44, 0x0d, 0x3d, 0x13, 0x53, 0xb8,
311 0xd1, 0x68, 0x55, 0xde, 0x44, 0x46, 0x05, 0xa6, 0xc9, 0xd2, 0x04, 0xb7,
312 0xe3, 0xa2, 0x96, 0xc8, 0xb2, 0x5e, 0x22, 0x03, 0xd7, 0x03, 0x7a, 0x8b,
313 0x13, 0x5c, 0x42, 0x49, 0xc2, 0xab, 0x86, 0xd6, 0xac, 0x6b, 0x93, 0x20,
314 0x56, 0x6a, 0xc6, 0xc8, 0xa5, 0x0b, 0xe5
317 static const unsigned char pExampleECParamDER
[] = {
318 0x06, 0x08, 0x2a, 0x86, 0x48, 0xce, 0x3d, 0x03, 0x01, 0x07
322 typedef struct APK_DATA_st
{
323 const unsigned char *kder
;
329 int type
; /* 0 for private, 1 for public, 2 for params */
332 static APK_DATA keydata
[] = {
333 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
},
334 {kExampleRSAKeyPKCS8
, sizeof(kExampleRSAKeyPKCS8
), EVP_PKEY_RSA
},
335 #ifndef OPENSSL_NO_EC
336 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
}
340 static APK_DATA keycheckdata
[] = {
341 {kExampleRSAKeyDER
, sizeof(kExampleRSAKeyDER
), EVP_PKEY_RSA
, 1, -2, -2, 0},
342 {kExampleBadRSAKeyDER
, sizeof(kExampleBadRSAKeyDER
), EVP_PKEY_RSA
,
344 #ifndef OPENSSL_NO_EC
345 {kExampleECKeyDER
, sizeof(kExampleECKeyDER
), EVP_PKEY_EC
, 1, 1, 1, 0},
346 /* group is also associated in our pub key */
347 {kExampleECPubKeyDER
, sizeof(kExampleECPubKeyDER
), EVP_PKEY_EC
, 0, 1, 1, 1},
348 {pExampleECParamDER
, sizeof(pExampleECParamDER
), EVP_PKEY_EC
, 0, 0, 1, 2}
352 static EVP_PKEY
*load_example_rsa_key(void)
354 EVP_PKEY
*ret
= NULL
;
355 const unsigned char *derp
= kExampleRSAKeyDER
;
356 EVP_PKEY
*pkey
= NULL
;
359 if (!TEST_true(d2i_RSAPrivateKey(&rsa
, &derp
, sizeof(kExampleRSAKeyDER
))))
362 if (!TEST_ptr(pkey
= EVP_PKEY_new())
363 || !TEST_true(EVP_PKEY_set1_RSA(pkey
, rsa
)))
376 static int test_EVP_Enveloped(void)
379 EVP_CIPHER_CTX
*ctx
= NULL
;
380 EVP_PKEY
*keypair
= NULL
;
381 unsigned char *kek
= NULL
;
382 unsigned char iv
[EVP_MAX_IV_LENGTH
];
383 static const unsigned char msg
[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
384 int len
, kek_len
, ciphertext_len
, plaintext_len
;
385 unsigned char ciphertext
[32], plaintext
[16];
386 const EVP_CIPHER
*type
= EVP_aes_256_cbc();
388 if (!TEST_ptr(keypair
= load_example_rsa_key())
389 || !TEST_ptr(kek
= OPENSSL_zalloc(EVP_PKEY_size(keypair
)))
390 || !TEST_ptr(ctx
= EVP_CIPHER_CTX_new())
391 || !TEST_true(EVP_SealInit(ctx
, type
, &kek
, &kek_len
, iv
,
393 || !TEST_true(EVP_SealUpdate(ctx
, ciphertext
, &ciphertext_len
,
395 || !TEST_true(EVP_SealFinal(ctx
, ciphertext
+ ciphertext_len
,
399 ciphertext_len
+= len
;
401 if (!TEST_true(EVP_OpenInit(ctx
, type
, kek
, kek_len
, iv
, keypair
))
402 || !TEST_true(EVP_OpenUpdate(ctx
, plaintext
, &plaintext_len
,
403 ciphertext
, ciphertext_len
))
404 || !TEST_true(EVP_OpenFinal(ctx
, plaintext
+ plaintext_len
, &len
)))
407 plaintext_len
+= len
;
408 if (!TEST_mem_eq(msg
, sizeof(msg
), plaintext
, plaintext_len
))
414 EVP_PKEY_free(keypair
);
415 EVP_CIPHER_CTX_free(ctx
);
420 static int test_EVP_DigestSignInit(void)
423 EVP_PKEY
*pkey
= NULL
;
424 unsigned char *sig
= NULL
;
426 EVP_MD_CTX
*md_ctx
, *md_ctx_verify
= NULL
;
428 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
429 || !TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new())
430 || !TEST_ptr(pkey
= load_example_rsa_key()))
433 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
434 || !TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
437 /* Determine the size of the signature. */
438 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
))
439 || !TEST_size_t_eq(sig_len
, (size_t)EVP_PKEY_size(pkey
)))
442 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
))
443 || !TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
446 /* Ensure that the signature round-trips. */
447 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, EVP_sha256(),
449 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
,
451 || !TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
457 EVP_MD_CTX_free(md_ctx
);
458 EVP_MD_CTX_free(md_ctx_verify
);
465 static int test_EVP_DigestVerifyInit(void)
468 EVP_PKEY
*pkey
= NULL
;
469 EVP_MD_CTX
*md_ctx
= NULL
;
471 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new())
472 || !TEST_ptr(pkey
= load_example_rsa_key()))
475 if (!TEST_true(EVP_DigestVerifyInit(md_ctx
, NULL
, EVP_sha256(), NULL
, pkey
))
476 || !TEST_true(EVP_DigestVerifyUpdate(md_ctx
, kMsg
, sizeof(kMsg
)))
477 || !TEST_true(EVP_DigestVerifyFinal(md_ctx
, kSignature
,
478 sizeof(kSignature
))))
483 EVP_MD_CTX_free(md_ctx
);
488 static int test_d2i_AutoPrivateKey(int i
)
491 const unsigned char *p
;
492 EVP_PKEY
*pkey
= NULL
;
493 const APK_DATA
*ak
= &keydata
[i
];
494 const unsigned char *input
= ak
->kder
;
495 size_t input_len
= ak
->size
;
496 int expected_id
= ak
->evptype
;
499 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
500 || !TEST_ptr_eq(p
, input
+ input_len
)
501 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
511 #ifndef OPENSSL_NO_EC
512 /* Tests loading a bad key in PKCS8 format */
513 static int test_EVP_PKCS82PKEY(void)
516 const unsigned char *derp
= kExampleBadECKeyDER
;
517 PKCS8_PRIV_KEY_INFO
*p8inf
= NULL
;
518 EVP_PKEY
*pkey
= NULL
;
520 if (!TEST_ptr(p8inf
= d2i_PKCS8_PRIV_KEY_INFO(NULL
, &derp
,
521 sizeof(kExampleBadECKeyDER
))))
524 if (!TEST_ptr_eq(derp
,
525 kExampleBadECKeyDER
+ sizeof(kExampleBadECKeyDER
)))
528 if (!TEST_ptr_null(pkey
= EVP_PKCS82PKEY(p8inf
)))
534 PKCS8_PRIV_KEY_INFO_free(p8inf
);
541 #ifndef OPENSSL_NO_SM2
543 static int test_EVP_SM2_verify(void)
545 /* From https://tools.ietf.org/html/draft-shen-sm2-ecdsa-02#appendix-A */
547 "-----BEGIN PUBLIC KEY-----\n"
548 "MIIBMzCB7AYHKoZIzj0CATCB4AIBATAsBgcqhkjOPQEBAiEAhULWnkwETxjouSQ1\n"
549 "v2/33kVyg5FcRVF9ci7biwjx38MwRAQgeHlotPoyw/0kF4Quc7v+/y88hItoMdfg\n"
550 "7GUiizk35JgEIGPkxtOyOwyEnPhCQUhL/kj2HVmlsWugbm4S0donxSSaBEEEQh3r\n"
551 "1hti6rZ0ZDTrw8wxXjIiCzut1QvcTE5sFH/t1D0GgFEry7QsB9RzSdIVO3DE5df9\n"
552 "/L+jbqGoWEG55G4JogIhAIVC1p5MBE8Y6LkkNb9v990pdyBjBIVijVrnTufDLnm3\n"
553 "AgEBA0IABArkx3mKoPEZRxvuEYJb5GICu3nipYRElel8BP9N8lSKfAJA+I8c1OFj\n"
554 "Uqc8F7fxbwc1PlOhdtaEqf4Ma7eY6Fc=\n"
555 "-----END PUBLIC KEY-----\n";
557 const char *msg
= "message digest";
558 const char *id
= "ALICE123@YAHOO.COM";
560 const uint8_t signature
[] = {
561 0x30, 0x44, 0x02, 0x20,
563 0x40, 0xF1, 0xEC, 0x59, 0xF7, 0x93, 0xD9, 0xF4, 0x9E, 0x09, 0xDC,
564 0xEF, 0x49, 0x13, 0x0D, 0x41, 0x94, 0xF7, 0x9F, 0xB1, 0xEE, 0xD2,
565 0xCA, 0xA5, 0x5B, 0xAC, 0xDB, 0x49, 0xC4, 0xE7, 0x55, 0xD1,
569 0x6F, 0xC6, 0xDA, 0xC3, 0x2C, 0x5D, 0x5C, 0xF1, 0x0C, 0x77, 0xDF,
570 0xB2, 0x0F, 0x7C, 0x2E, 0xB6, 0x67, 0xA4, 0x57, 0x87, 0x2F, 0xB0,
571 0x9E, 0xC5, 0x63, 0x27, 0xA6, 0x7E, 0xC7, 0xDE, 0xEB, 0xE7
576 EVP_PKEY
*pkey
= NULL
;
577 EVP_MD_CTX
*mctx
= NULL
;
578 EVP_PKEY_CTX
*pctx
= NULL
;
580 bio
= BIO_new_mem_buf(pubkey
, strlen(pubkey
));
581 if (!TEST_true(bio
!= NULL
))
584 pkey
= PEM_read_bio_PUBKEY(bio
, NULL
, NULL
, NULL
);
585 if (!TEST_true(pkey
!= NULL
))
588 if (!TEST_true(EVP_PKEY_set_alias_type(pkey
, EVP_PKEY_SM2
)))
591 if (!TEST_ptr(mctx
= EVP_MD_CTX_new()))
594 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
597 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(pctx
, (const uint8_t *)id
,
601 EVP_MD_CTX_set_pkey_ctx(mctx
, pctx
);
603 if (!TEST_true(EVP_DigestVerifyInit(mctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
606 if (!TEST_true(EVP_DigestVerifyUpdate(mctx
, msg
, strlen(msg
))))
609 if (!TEST_true(EVP_DigestVerifyFinal(mctx
, signature
, sizeof(signature
))))
616 EVP_PKEY_CTX_free(pctx
);
617 EVP_MD_CTX_free(mctx
);
621 static int test_EVP_SM2(void)
624 EVP_PKEY
*pkey
= NULL
;
625 EVP_PKEY
*params
= NULL
;
626 EVP_PKEY_CTX
*pctx
= NULL
;
627 EVP_PKEY_CTX
*kctx
= NULL
;
628 EVP_PKEY_CTX
*sctx
= NULL
;
630 unsigned char *sig
= NULL
;
631 EVP_MD_CTX
*md_ctx
= NULL
;
632 EVP_MD_CTX
*md_ctx_verify
= NULL
;
633 EVP_PKEY_CTX
*cctx
= NULL
;
635 uint8_t ciphertext
[128];
636 size_t ctext_len
= sizeof(ciphertext
);
638 uint8_t plaintext
[8];
639 size_t ptext_len
= sizeof(plaintext
);
641 uint8_t sm2_id
[] = {1, 2, 3, 4, 'l', 'e', 't', 't', 'e', 'r'};
643 pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_EC
, NULL
);
647 if (!TEST_true(EVP_PKEY_paramgen_init(pctx
) == 1))
650 if (!TEST_true(EVP_PKEY_CTX_set_ec_paramgen_curve_nid(pctx
, NID_sm2
)))
653 if (!TEST_true(EVP_PKEY_paramgen(pctx
, ¶ms
)))
656 kctx
= EVP_PKEY_CTX_new(params
, NULL
);
660 if (!TEST_true(EVP_PKEY_keygen_init(kctx
)))
663 if (!TEST_true(EVP_PKEY_keygen(kctx
, &pkey
)))
666 if (!TEST_true(EVP_PKEY_set_alias_type(pkey
, EVP_PKEY_SM2
)))
669 if (!TEST_ptr(md_ctx
= EVP_MD_CTX_new()))
672 if (!TEST_ptr(md_ctx_verify
= EVP_MD_CTX_new()))
675 if (!TEST_ptr(sctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
678 EVP_MD_CTX_set_pkey_ctx(md_ctx
, sctx
);
679 EVP_MD_CTX_set_pkey_ctx(md_ctx_verify
, sctx
);
681 if (!TEST_int_gt(EVP_PKEY_CTX_set1_id(sctx
, sm2_id
, sizeof(sm2_id
)), 0))
684 if (!TEST_true(EVP_DigestSignInit(md_ctx
, NULL
, EVP_sm3(), NULL
, pkey
)))
687 if(!TEST_true(EVP_DigestSignUpdate(md_ctx
, kMsg
, sizeof(kMsg
))))
690 /* Determine the size of the signature. */
691 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, NULL
, &sig_len
)))
694 if (!TEST_size_t_eq(sig_len
, (size_t)EVP_PKEY_size(pkey
)))
697 if (!TEST_ptr(sig
= OPENSSL_malloc(sig_len
)))
700 if (!TEST_true(EVP_DigestSignFinal(md_ctx
, sig
, &sig_len
)))
703 /* Ensure that the signature round-trips. */
705 if (!TEST_true(EVP_DigestVerifyInit(md_ctx_verify
, NULL
, EVP_sm3(), NULL
, pkey
)))
708 if (!TEST_true(EVP_DigestVerifyUpdate(md_ctx_verify
, kMsg
, sizeof(kMsg
))))
711 if (!TEST_true(EVP_DigestVerifyFinal(md_ctx_verify
, sig
, sig_len
)))
714 /* now check encryption/decryption */
716 if (!TEST_ptr(cctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
719 if (!TEST_true(EVP_PKEY_encrypt_init(cctx
)))
722 if (!TEST_true(EVP_PKEY_encrypt(cctx
, ciphertext
, &ctext_len
, kMsg
, sizeof(kMsg
))))
725 if (!TEST_true(EVP_PKEY_decrypt_init(cctx
)))
728 if (!TEST_true(EVP_PKEY_decrypt(cctx
, plaintext
, &ptext_len
, ciphertext
, ctext_len
)))
731 if (!TEST_true(ptext_len
== sizeof(kMsg
)))
734 if (!TEST_true(memcmp(plaintext
, kMsg
, sizeof(kMsg
)) == 0))
739 EVP_PKEY_CTX_free(pctx
);
740 EVP_PKEY_CTX_free(kctx
);
741 EVP_PKEY_CTX_free(sctx
);
742 EVP_PKEY_CTX_free(cctx
);
744 EVP_PKEY_free(params
);
745 EVP_MD_CTX_free(md_ctx
);
746 EVP_MD_CTX_free(md_ctx_verify
);
753 static struct keys_st
{
759 EVP_PKEY_HMAC
, "0123456789", NULL
761 EVP_PKEY_POLY1305
, "01234567890123456789012345678901", NULL
763 EVP_PKEY_SIPHASH
, "0123456789012345", NULL
765 #ifndef OPENSSL_NO_EC
767 EVP_PKEY_X25519
, "01234567890123456789012345678901",
768 "abcdefghijklmnopqrstuvwxyzabcdef"
770 EVP_PKEY_ED25519
, "01234567890123456789012345678901",
771 "abcdefghijklmnopqrstuvwxyzabcdef"
774 "01234567890123456789012345678901234567890123456789012345",
775 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
778 "012345678901234567890123456789012345678901234567890123456",
779 "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcde"
784 static int test_set_get_raw_keys_int(int tst
, int pub
)
787 unsigned char buf
[80];
789 size_t inlen
, len
= 0;
792 /* Check if this algorithm supports public keys */
793 if (keys
[tst
].pub
== NULL
)
796 memset(buf
, 0, sizeof(buf
));
799 inlen
= strlen(keys
[tst
].pub
);
800 in
= (unsigned char *)keys
[tst
].pub
;
801 pkey
= EVP_PKEY_new_raw_public_key(keys
[tst
].type
,
806 inlen
= strlen(keys
[tst
].priv
);
807 in
= (unsigned char *)keys
[tst
].priv
;
808 pkey
= EVP_PKEY_new_raw_private_key(keys
[tst
].type
,
815 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, NULL
, &len
)))
816 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, NULL
, &len
)))
817 || !TEST_true(len
== inlen
)
818 || (!pub
&& !TEST_true(EVP_PKEY_get_raw_private_key(pkey
, buf
, &len
)))
819 || (pub
&& !TEST_true(EVP_PKEY_get_raw_public_key(pkey
, buf
, &len
)))
820 || !TEST_mem_eq(in
, inlen
, buf
, len
))
829 static int test_set_get_raw_keys(int tst
)
831 return test_set_get_raw_keys_int(tst
, 0)
832 && test_set_get_raw_keys_int(tst
, 1);
835 static int pkey_custom_check(EVP_PKEY
*pkey
)
840 static int pkey_custom_pub_check(EVP_PKEY
*pkey
)
845 static int pkey_custom_param_check(EVP_PKEY
*pkey
)
850 static EVP_PKEY_METHOD
*custom_pmeth
;
852 static int test_EVP_PKEY_check(int i
)
855 const unsigned char *p
;
856 EVP_PKEY
*pkey
= NULL
;
857 #ifndef OPENSSL_NO_EC
858 EC_KEY
*eckey
= NULL
;
860 EVP_PKEY_CTX
*ctx
= NULL
;
861 EVP_PKEY_CTX
*ctx2
= NULL
;
862 const APK_DATA
*ak
= &keycheckdata
[i
];
863 const unsigned char *input
= ak
->kder
;
864 size_t input_len
= ak
->size
;
865 int expected_id
= ak
->evptype
;
866 int expected_check
= ak
->check
;
867 int expected_pub_check
= ak
->pub_check
;
868 int expected_param_check
= ak
->param_check
;
876 if (!TEST_ptr(pkey
= d2i_AutoPrivateKey(NULL
, &p
, input_len
))
877 || !TEST_ptr_eq(p
, input
+ input_len
)
878 || !TEST_int_eq(EVP_PKEY_id(pkey
), expected_id
))
881 #ifndef OPENSSL_NO_EC
883 if (!TEST_ptr(pubkey
= BIO_new_mem_buf(input
, input_len
))
884 || !TEST_ptr(eckey
= d2i_EC_PUBKEY_bio(pubkey
, NULL
))
885 || !TEST_ptr(pkey
= EVP_PKEY_new())
886 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
890 if (!TEST_ptr(eckey
= d2i_ECParameters(NULL
, &p
, input_len
))
891 || !TEST_ptr_eq(p
, input
+ input_len
)
892 || !TEST_ptr(pkey
= EVP_PKEY_new())
893 || !TEST_true(EVP_PKEY_assign_EC_KEY(pkey
, eckey
)))
901 if (!TEST_ptr(ctx
= EVP_PKEY_CTX_new(pkey
, NULL
)))
904 if (!TEST_int_eq(EVP_PKEY_check(ctx
), expected_check
))
907 if (!TEST_int_eq(EVP_PKEY_public_check(ctx
), expected_pub_check
))
910 if (!TEST_int_eq(EVP_PKEY_param_check(ctx
), expected_param_check
))
913 ctx2
= EVP_PKEY_CTX_new_id(0xdefaced, NULL
);
914 /* assign the pkey directly, as an internal test */
915 EVP_PKEY_up_ref(pkey
);
918 if (!TEST_int_eq(EVP_PKEY_check(ctx2
), 0xbeef))
921 if (!TEST_int_eq(EVP_PKEY_public_check(ctx2
), 0xbeef))
924 if (!TEST_int_eq(EVP_PKEY_param_check(ctx2
), 0xbeef))
930 EVP_PKEY_CTX_free(ctx
);
931 EVP_PKEY_CTX_free(ctx2
);
937 static int test_HKDF(void)
940 unsigned char out
[20];
943 unsigned char salt
[] = "0123456789";
944 unsigned char key
[] = "012345678901234567890123456789";
945 unsigned char info
[] = "infostring";
946 const unsigned char expected
[] = {
947 0xe5, 0x07, 0x70, 0x7f, 0xc6, 0x78, 0xd6, 0x54, 0x32, 0x5f, 0x7e, 0xc5,
948 0x7b, 0x59, 0x3e, 0xd8, 0x03, 0x6b, 0xed, 0xca
950 size_t expectedlen
= sizeof(expected
);
952 if (!TEST_ptr(pctx
= EVP_PKEY_CTX_new_id(EVP_PKEY_HKDF
, NULL
)))
955 /* We do this twice to test reuse of the EVP_PKEY_CTX */
956 for (i
= 0; i
< 2; i
++) {
957 outlen
= sizeof(out
);
958 memset(out
, 0, outlen
);
960 if (!TEST_int_gt(EVP_PKEY_derive_init(pctx
), 0)
961 || !TEST_int_gt(EVP_PKEY_CTX_set_hkdf_md(pctx
, EVP_sha256()), 0)
962 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_salt(pctx
, salt
,
963 sizeof(salt
) - 1), 0)
964 || !TEST_int_gt(EVP_PKEY_CTX_set1_hkdf_key(pctx
, key
,
966 || !TEST_int_gt(EVP_PKEY_CTX_add1_hkdf_info(pctx
, info
,
967 sizeof(info
) - 1), 0)
968 || !TEST_int_gt(EVP_PKEY_derive(pctx
, out
, &outlen
), 0)
969 || !TEST_mem_eq(out
, outlen
, expected
, expectedlen
))
976 EVP_PKEY_CTX_free(pctx
);
981 #ifndef OPENSSL_NO_EC
982 static int test_X509_PUBKEY_inplace(void)
985 X509_PUBKEY
*xp
= NULL
;
986 const unsigned char *p
= kExampleECPubKeyDER
;
987 size_t input_len
= sizeof(kExampleECPubKeyDER
);
989 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(NULL
, &p
, input_len
)))
992 if (!TEST_ptr(X509_PUBKEY_get0(xp
)))
995 p
= kExampleBadECPubKeyDER
;
996 input_len
= sizeof(kExampleBadECPubKeyDER
);
998 if (!TEST_ptr(xp
= d2i_X509_PUBKEY(&xp
, &p
, input_len
)))
1001 if (!TEST_true(X509_PUBKEY_get0(xp
) == NULL
))
1007 X509_PUBKEY_free(xp
);
1012 int setup_tests(void)
1014 ADD_TEST(test_EVP_DigestSignInit
);
1015 ADD_TEST(test_EVP_DigestVerifyInit
);
1016 ADD_TEST(test_EVP_Enveloped
);
1017 ADD_ALL_TESTS(test_d2i_AutoPrivateKey
, OSSL_NELEM(keydata
));
1018 #ifndef OPENSSL_NO_EC
1019 ADD_TEST(test_EVP_PKCS82PKEY
);
1021 #ifndef OPENSSL_NO_SM2
1022 ADD_TEST(test_EVP_SM2
);
1023 ADD_TEST(test_EVP_SM2_verify
);
1025 ADD_ALL_TESTS(test_set_get_raw_keys
, OSSL_NELEM(keys
));
1026 custom_pmeth
= EVP_PKEY_meth_new(0xdefaced, 0);
1027 if (!TEST_ptr(custom_pmeth
))
1029 EVP_PKEY_meth_set_check(custom_pmeth
, pkey_custom_check
);
1030 EVP_PKEY_meth_set_public_check(custom_pmeth
, pkey_custom_pub_check
);
1031 EVP_PKEY_meth_set_param_check(custom_pmeth
, pkey_custom_param_check
);
1032 if (!TEST_int_eq(EVP_PKEY_meth_add0(custom_pmeth
), 1))
1034 ADD_ALL_TESTS(test_EVP_PKEY_check
, OSSL_NELEM(keycheckdata
));
1035 ADD_TEST(test_HKDF
);
1036 #ifndef OPENSSL_NO_EC
1037 ADD_TEST(test_X509_PUBKEY_inplace
);